package cn.edu.usst.cs.goldfish.booking.meetingroom.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;


@Configuration
public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf(AbstractHttpConfigurer::disable)  // 如果是 API，通常关闭 CSRF
                .authorizeHttpRequests(auth -> auth
                                .requestMatchers(
                                        "/api/auth/register/**",
                                        "/api/auth/login/**",
                                        "/api/**",
                                        "/css/**",
                                        "/js/**"  // 视你项目需要放行的资源，设置正确路径
                                ).permitAll()
                                .anyRequest()
//                        .authenticated()
                                .permitAll()
                )
                .sessionManagement(sess ->
                        sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS));  // 如使用 token
        return http.build();
    }
}
